Threat Intelligence Feed

Aggregating 5355 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-54533 vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms
CVE-2026-54445 vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial us
CVE-2026-53676 ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed c
CVE-2026-50268 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
MED · CVE-2026-50267 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
MED · CVE-2026-50202 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
MED · CVE-2026-50201 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
HIGH · CVE-2026-48759 TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability thro
HIGH · CVE-2026-45617 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below,
HIGH · CVE-2026-45357 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below,
MED · CVE-2026-44646 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below,
MED · CVE-2026-44645 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below,
MED · CVE-2026-44644 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are
MED · CVE-2026-12568 The postman_download module uses the workspace name field from the Postman API to construct the local directory path wit
CVE-2026-12567 The github_workflows module constructs local directory paths from user-controlled repository names without validating fo
CVE-2026-12566 The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authent
MED · CVE-2026-12565 The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, re
CVE-2024-27928 vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks
CVE-2024-24769 vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their
HIGH · CVE-2026-8050 In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer withou
MED · CVE-2026-8049 In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security desc
MED · CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenti
HIGH · CVE-2026-50200 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
HIGH · CVE-2026-50196 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
HIGH · CVE-2026-50194 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applicati
HIGH · CVE-2026-48997 e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the
MED · CVE-2026-48991 XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts coul
MED · CVE-2026-48990 joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standar
CVE-2026-48989 Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP m
CVE-2026-48820 CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1
HIGH · CVE-2026-12530 Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK vers
MED · CVE-2026-49133 Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level pri
MED · CVE-2026-48988 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer:
HIGH · CVE-2026-48979 PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc.
MED · CVE-2026-48821 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vuln
HIGH · CVE-2026-55202 Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection,
MED · CVE-2026-55201 Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function
HIGH · CVE-2026-55200 libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() t
MED · CVE-2026-55199 libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SS
CRIT · CVE-2026-54388 Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers w

2264 General
659 Vulnerability Disclosure
623 CVE
419 Campaigns
299 Data Breach
283 Malware
